terraform-provider-ad
terraform-provider-ad copied to clipboard
hashicorp
Apply doesn't work - Still creating
Hello,
I'm trying to use this provider to create groups on a Active directory server but nothing happen when I apply.
Is it a bug or a bad configuration ?
Best regards,
Thomas
Terraform Version and Provider Version
terraform version : 13.4 ad provider: 0.4.2
OS
I use a linux machine to launch terraform. (Nixos)
Affected Resource(s)
ad_group
Terraform Configuration Files
provider.tf
provider "ad" {
winrm_hostname = "192.168.1.1"
winrm_username = "test_account"
winrm_password = "xxxxxx"
winrm_insecure = true
krb_realm = "test.lan"
krb_conf = "./krb5.conf"
krb_spn = "HTTP/srv.test.lan"
}
ad.tf
resource "ad_group" "elk_testi" {
name = "elk_testi"
sam_account_name = "sam_elk_test"
container = "OU=groups,OU=ELK,OU=Applications,OU=TEST,OU=Organizations,DC=test,DC=lan"
}
krb5.conf
[libdefaults]
default_realm = TEST.LAN
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
STAINFRA.CIRB.LAN = {
kdc = 192.168.1.1
admin_server = 192.168.1.1
default_domain = TEST.LAN
}
[domain_realm]
.test.lan = TEST.LAN
test.lan = TEST.LAN
Debug Output
2021-04-28T10:08:21.984+0200 [INFO] plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] sanitising key "" to:: timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO] plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Adding group with name "elk_testi": timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO] plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Running command New-ADGroup -Passthru -Name "elk_testi" -GroupScope "global" -GroupCategory "security" -Path "OU=groups,OU=ELK,OU=Applications,OU=TEST,OU=Organizations,DC=test,DC=lan" -SamAccountName "sam_elk_test" | ConvertTo-Json via powershell: timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO] plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Encoded command: powershell.exe -EncodedCommand TgBlAHcALQBBAEQARwByAG8AdQBwACAALQBQAGEAcwBzAHQAaAByAHUAIAAtAE4AYQBtAGUAIAAiAGUAbABrAF8AdABlAHMAdABpACIAIAAtAEcAcgBvAHUAcABTAGMAbwBwAGUAIAAiAGcAbABvAGIAYQBsACIAIAAtAEcAcgBvAHUAcABDAGEAdABlAGcAbwByAHkAIAAiAHMAZQBjAHUAcgBpAHQAeQAiACAALQBQAGEAdABoACAAIgBPAFUAPQBnAHIAbwB1AHAAcwAsAE8AVQA9AEUATABLACwATwBVAD0AQQBwAHAAbABpAGMAYQB0AGkAbwBuAHMALABPAFUAPQBDAEkAUgBCACwATwBVAD0ATwByAGcAYQBuAGkAegBhAHQAaQBvAG4AcwAsAEQAQwA9AHMAdABhAGkAbgBmAHIAYQAsAEQAQwA9AGMAaQByAGIALABEAEMAPQBsAGEAbgAiACAALQBTAGEAbQBBAGMAYwBvAHUAbgB0AE4AYQBtAGUAIAAiAHMAYQBtAF8AZQBsAGsAXwB0AGUAcwB0ACIAIAB8ACAAQwBvAG4AdgBlAHIAdABUAG8ALQBKAHMAbwBuAA==: timestamp=2021-04-28T10:08:21.983+0200
2021-04-28T10:08:21.984+0200 [INFO] plugin.terraform-provider-ad_v0.4.2: 2021/04/28 10:08:21 [DEBUG] Executing command on remote host: timestamp=2021-04-28T10:08:21.983+0200
2021/04/28 10:08:25 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:26 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/04/28 10:08:26 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:30 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:31 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/04/28 10:08:31 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "ad_group.elk_testi"
ad_group.elk_testi: Still creating... [10s elapsed]
2021/04/28 10:08:35 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:36 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "ad_group.elk_testi"
2021/04/28 10:08:36 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/04/28 10:08:40 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/nixpkgs/ad\"] (close)" is waiting for "ad_group.elk_testi"
Expected Behavior
Create a group.
Actual Behavior
Nothing happened.
Steps to Reproduce
terraform initterraform planterraform apply
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
I think I know where the issue is. As I'm using a unix machine, I cannot exec 'powershell.exe' from there :
https://github.com/hashicorp/terraform-provider-ad/blob/e4b2ec2267a63f68b2b4366ca13e17ca97eb57e0/ad/internal/winrmhelper/winrm_helper.go#L90
I installed powershell on my machine but It doesn't work too. Maybe due to ´.exe´ extension. This provider seems specifically dedicated to Windows machines.
Hello @Kronk74 ,
It doesn't have anything to do with powershell.exe. As long as your winrm client (regardless of the os) can authenticate to the remote server it should work as it's the remote server (domain controller/ server with rsat installed) that will execute the cmd "powershell.exe -command ..."
At first side, based on your log output I don't really know where to look... Could it be a connectivity issue ?
Hello @jpatigny ,
Oki I understand better how it works. I'll try to see if winrm client on my linux machine work and can reach AD server. Thanks for your message.
Hello guys. I am seeing this exact same behaviour today when testing creating an AD group with this provider. From my Mac machine it just seems to hang and never create the AD group. Did either of you get to the bottom of this?
I'm seeing the same issue when using "ad_group_membership". Getting stuck on "Still creating..." and either timing out or have to cancel manually. I've tried a bunch of stuff and nothing seems to be working.
